CVE-2011-1002
22.02.2011, 19:00
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| avahi | avahi | 𝑥 ≤ 0.6.28 |
| avahi | avahi | 0.1 |
| avahi | avahi | 0.2 |
| avahi | avahi | 0.3 |
| avahi | avahi | 0.4 |
| avahi | avahi | 0.5 |
| avahi | avahi | 0.5.1 |
| avahi | avahi | 0.5.2 |
| avahi | avahi | 0.6.1 |
| avahi | avahi | 0.6.2 |
| avahi | avahi | 0.6.3 |
| avahi | avahi | 0.6.4 |
| avahi | avahi | 0.6.5 |
| avahi | avahi | 0.6.6 |
| avahi | avahi | 0.6.7 |
| avahi | avahi | 0.6.8 |
| avahi | avahi | 0.6.9 |
| avahi | avahi | 0.6.10 |
| avahi | avahi | 0.6.11 |
| avahi | avahi | 0.6.12 |
| avahi | avahi | 0.6.13 |
| avahi | avahi | 0.6.14 |
| avahi | avahi | 0.6.15 |
| avahi | avahi | 0.6.16 |
| avahi | avahi | 0.6.17 |
| avahi | avahi | 0.6.18 |
| avahi | avahi | 0.6.19 |
| avahi | avahi | 0.6.20 |
| avahi | avahi | 0.6.21 |
| avahi | avahi | 0.6.22 |
| avahi | avahi | 0.6.23 |
| avahi | avahi | 0.6.24 |
| avahi | avahi | 0.6.25 |
| avahi | avahi | 0.6.26 |
| avahi | avahi | 0.6.27 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux | 6.0 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| debian | debian_linux | 5.0 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References